From 6b70f32afb472b5e4b15d58fb24445d194935db4 Mon Sep 17 00:00:00 2001 From: Maxetto Date: Mon, 29 Jun 2015 17:29:52 +0200 Subject: [PATCH 1/5] Typo fix + change to REGEX (matches) This will deny also IP coming from the default IP 192.168.1.1 --- src/main/java/fr/xephi/authme/process/join/AsyncronousJoin.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/fr/xephi/authme/process/join/AsyncronousJoin.java b/src/main/java/fr/xephi/authme/process/join/AsyncronousJoin.java index 3e0605cf..8da16fd9 100644 --- a/src/main/java/fr/xephi/authme/process/join/AsyncronousJoin.java +++ b/src/main/java/fr/xephi/authme/process/join/AsyncronousJoin.java @@ -100,7 +100,7 @@ public class AsyncronousJoin { long timeout = Settings.getSessionTimeout * 60000; long lastLogin = auth.getLastLogin(); long cur = new Date().getTime(); - if ((cur - lastLogin < timeout || timeout == 0) && !auth.getIp().equals("198.18.0.1")) { + if ((cur - lastLogin < timeout || timeout == 0) && !auth.getIp().matches("198.168.(0|1).1")) { if (auth.getNickname().equalsIgnoreCase(name) && auth.getIp().equals(ip)) { if (PlayerCache.getInstance().getAuth(name) != null) { PlayerCache.getInstance().updatePlayer(auth); From 6d1e75a7310048a9c3f2fe52d88ea6fea2f85ed1 Mon Sep 17 00:00:00 2001 From: Maxetto Date: Mon, 29 Jun 2015 18:02:42 +0200 Subject: [PATCH 2/5] Recall email at login if RecallEmail is active. For somewhat reason email recalls didn't start from login and every 5 minutes. --- .../fr/xephi/authme/process/login/AsyncronousLogin.java | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/main/java/fr/xephi/authme/process/login/AsyncronousLogin.java b/src/main/java/fr/xephi/authme/process/login/AsyncronousLogin.java index a4a91e96..1a3d2ee2 100644 --- a/src/main/java/fr/xephi/authme/process/login/AsyncronousLogin.java +++ b/src/main/java/fr/xephi/authme/process/login/AsyncronousLogin.java @@ -150,6 +150,14 @@ public class AsyncronousLogin { m.send(player, "login"); displayOtherAccounts(auth, player); + + if (Settings.recallEmail) { + String name = player.getName().toLowerCase(); + String email = database.getAuth(name).getEmail(); + if (email == null || email.isEmpty() || email.equalsIgnoreCase("your@email.com")) + m.send(player, "add_email"); + } + if (!Settings.noConsoleSpam) ConsoleLogger.info(player.getName() + " logged in!"); From 0b1490bd6548a3c4cfd44d123ad060bda6bb67df Mon Sep 17 00:00:00 2001 From: Maxetto Date: Sat, 4 Jul 2015 22:57:43 +0200 Subject: [PATCH 3/5] PW lenght and unsafe PW check to ChangePassword I told you, you missed it! Also, unified "lowpass.equalsIgnoreCase(name)" to the previous group of checks. This, however, still provides "Password doesn't match" error, instead of one proper error. --- .../xephi/authme/commands/ChangePasswordCommand.java | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/main/java/fr/xephi/authme/commands/ChangePasswordCommand.java b/src/main/java/fr/xephi/authme/commands/ChangePasswordCommand.java index 92e40755..921e7001 100644 --- a/src/main/java/fr/xephi/authme/commands/ChangePasswordCommand.java +++ b/src/main/java/fr/xephi/authme/commands/ChangePasswordCommand.java @@ -54,14 +54,20 @@ public class ChangePasswordCommand implements CommandExecutor { } String lowpass = args[1].toLowerCase(); - if ((lowpass.contains("delete") || lowpass.contains("where") || lowpass.contains("insert") || lowpass.contains("modify") || lowpass.contains("from") || lowpass.contains("select") || lowpass.contains(";") || lowpass.contains("null")) || !lowpass.matches(Settings.getPassRegex)) { + if ((lowpass.contains("delete") || lowpass.contains("where") || lowpass.contains("insert") || lowpass.contains("modify") || lowpass.contains("from") || lowpass.contains("select") || lowpass.contains(";") || lowpass.contains("null")) || !lowpass.matches(Settings.getPassRegex) || lowpass.equalsIgnoreCase(name)) { m.send(player, "password_error"); return true; } - if (lowpass.equalsIgnoreCase(name)) { - m.send(player, "password_error"); + if (lowpass.length() < Settings.getPasswordMinLen || lowpass.length() > Settings.passwordMaxLength) { + m.send(player, "pass_len"); return true; } + if (!Settings.unsafePasswords.isEmpty()) { + if (Settings.unsafePasswords.contains(lowpass)) { + m.send(player, "password_error"); + return true; + } + } try { String hashnew = PasswordSecurity.getHash(Settings.getPasswordHash, args[1], name); From ac919d8314e42f1b4321bc69430363b38cbb6b35 Mon Sep 17 00:00:00 2001 From: Maxetto Date: Sat, 4 Jul 2015 23:11:02 +0200 Subject: [PATCH 4/5] Forgot AuthMe >=3.5 has a cache There's no need to redefine name and email, then. --- .../java/fr/xephi/authme/process/login/AsyncronousLogin.java | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/main/java/fr/xephi/authme/process/login/AsyncronousLogin.java b/src/main/java/fr/xephi/authme/process/login/AsyncronousLogin.java index 20f50510..3ffd7b76 100644 --- a/src/main/java/fr/xephi/authme/process/login/AsyncronousLogin.java +++ b/src/main/java/fr/xephi/authme/process/login/AsyncronousLogin.java @@ -152,8 +152,6 @@ public class AsyncronousLogin { displayOtherAccounts(auth, player); if (Settings.recallEmail) { - String name = player.getName().toLowerCase(); - String email = database.getAuth(name).getEmail(); if (email == null || email.isEmpty() || email.equalsIgnoreCase("your@email.com")) m.send(player, "add_email"); } From e36337c066ae91c4e4ebd5d31aa085045729b76a Mon Sep 17 00:00:00 2001 From: Maxetto Date: Sat, 4 Jul 2015 23:20:00 +0200 Subject: [PATCH 5/5] There's an Italian translation too! Let's show some love to Italian players! --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c8204d90..bdaacf90 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,7 @@ AuthMe Reloaded prevents players who aren't logged in from actions like placing
  • Possible to use without a Permissions plugin
  • Spoutcraft Login GUI
  • Automatic backup system of all your user password data -
  • Default Language Style: en, de, br, cz, pl, fr, ru, hu, sk, es, zhtw, fi, zhcn, nl ( feel free to send new translations ) +
  • Default Language Style: en, de, br, cz, pl, fr, it, ru, hu, sk, es, zhtw, fi, zhcn, nl ( feel free to send new translations )
  • Convert the FlatFile auths.db to an usefull authme.sql that you can use on a MySQL database !
  • Import your database from Rakamak, xAuth, CrazyLogin, RoyalAuth, vAuth !